Remote management of employees personal cell phones ...
-
I believe some devices/MDM setups allow you to create an isolated space on an employee owned device. You then control that isolated space not the whole device. When the employee leaves that controlled bit can be removed without wiping the device.
No idea how effective/reliable/manageable any of that is since I've not implemented or supported that style of MDM setup. Only done full company owned devices myself.
-
Looks like your management are bunch of cheapskates. If I was offered stipend for use of my personal phone, it would have to cover the cost of calls, text and data for business use, and on top hefty monthly fee for wear and tear. If you want me to use my device, you rent it from me, so you need to pay for it.
Now the control of the data. Under no circumstances I would allow the company any access to my phone. They need to trust me with it, or they can pound sand, end of story.
-
I don't think it is legal to do that on personal devices.
-
@Emad-R said in Remote management of employees personal cell phones ...:
I don't think it is legal to do that on personal devices.
It absolutely in in the U.S.
-
@Emad-R said in Remote management of employees personal cell phones ...:
I don't think it is legal to do that on personal devices.
Legal to ask, not legal to require or pressure.
-
@JaredBusch said in Remote management of employees personal cell phones ...:
@Emad-R said in Remote management of employees personal cell phones ...:
I don't think it is legal to do that on personal devices.
It absolutely in in the U.S.
That is why we keep winning this:
Canada Has Officially Ranked #1 In The World For Best Quality Of Life -
second year in a row of being the best -
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
Let's reword this...
Basically they said...
"We want to stop having the right to wipe devices and protect our data."
And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.
This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.
I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
-
@BraswellJay said in Remote management of employees personal cell phones ...:
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
Our management team has decided that they want to end company issued cell phones and instead provide a monthly stipend for work use of personal phones. As part of that they want to to be able to protect company data on personal phones. Basically they want to wipe company data if the employee leaves the company.
Let's reword this...
Basically they said...
"We want to stop having the right to wipe devices and protect our data."
And then they said "We want to get back the thing we just gave up."
Which do they want, to not pay for the phones, or to control the data? They have to choose.
This was pretty much my thoughts as well so glad to see I'm not out in left field in thinking that way.
I had objected to the whole notion and told them that I wouldn't want to allow the company to control my personal phone and I doubted other employees did either.
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Many employees feel trapped. They don't feel they can say no without being fired. or they simply don't care/don't think about (oh that's the same thing).
-
While I agree with all the arguments above, it is also true that there are things like selective wipe possible. But as stated it comes down to how much you wanna pay for the product to do something like that. As an employee I would be perfectly comfortable with allowing control of my device to a limited sandbox like that.
Of course she wants to have to trust your employer when they say that’s all they can do with the solution they are using.
-
@NDC said in Remote management of employees personal cell phones ...:
I believe some devices/MDM setups allow you to create an isolated space on an employee owned device. You then control that isolated space not the whole device. When the employee leaves that controlled bit can be removed without wiping the device.
No idea how effective/reliable/manageable any of that is since I've not implemented or supported that style of MDM setup. Only done full company owned devices myself.
Yeah this is how Intune works with BYOD. It just manages and controls the company aspect.
-
@BraswellJay said in Remote management of employees personal cell phones ...:
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.
-
@scottalanmiller said in Remote management of employees personal cell phones ...:
@BraswellJay said in Remote management of employees personal cell phones ...:
But then one of the managers has a brother whose company has some control over his personal phone so I thought maybe the practice was more widespread than I had thought.
Directly stealing from employees is actually common. In the US, employees are so scared and have so little protections from alternative retributions for sticking up for their "rights" that they often effectively have none.
This is true in Canada too. Labour law does not help you unless you are prepared to get fired and take legal action.
-
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
-
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
-
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
-
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
-
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
This is how you do it - from MS link I posted earlier
"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."
If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.
Are you able to enable remote removal of the app with just this feature?
-
@Emad-R said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
@flaxking said in Remote management of employees personal cell phones ...:
@IRJ said in Remote management of employees personal cell phones ...:
You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.
With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?
I'm pretty sure you can do what I described, but I'm not 100% sure.
It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.
But it is always this case with us, the difference of taking snaphot or deleing the whole VM is just button, that is why we have all those stress related issues
If companies were interested in investing in proper pipelines for our work, it would make our lives much less stressful.
